Symantec AntiVirus for Linux: How to Compile Auto-Protect Kernel Modules under Ubuntu

Article:TECH95496  |  Created: 2009-01-12  |  Updated: 2012-05-24  |  Article URL http://www.symantec.com/docs/TECH95496
Article Type
Technical Solution


Issue



After following the instructions in the article How to install Symantec AntiVirus for Linux on Ubuntu, Auto-Protect is not enabled. 

Some kernels are supported by the install packages supplied with Symantec AntiVirus for Linux (SAVFL), and Auto-Protect will function immediately.  Some are not and require an extra, manual step.  (See System requirements for Symantec AntiVirus for Linux 1.0 for details on kernels currently supported.)  As of SAVFL version 1.0.8, it is possible to compile and install Auto-Protect kernel modules for Linux versions that are not otherwise supported by Symantec.



 


Solution




For details, consult the README that comes in the source tarball (e.g. ap-kernelmodule-1.0.10-26.tar.gz) for Auto-Protect.

The steps for Ubuntu can be summarized as follows:
 

  • Install the development tools for your particular Ubuntu version:

    sudo apt-get install linux-headers-$(uname -r) build-essential


  • Extract the source tarball.
     
  • For SAVFL 1.0.8 only, the build.sh file must be modified because there is an if-then statement that is not properly constructed:

    if [ "$kernelVerNumber" -gt "132632" ] ; then   #kernel version >= 2.6.24
              buildFlags="$buildFlags UBUNTU=1"


    Change the -gt to -ge, and the if-then statement will work as described in the comment.

    Note:
    For newer builds (1.0.9 and higher), this modification is not needed.
     
  • Run build.sh as follows from a terminal window, where /path/to/expanded/folder is the folder that contains build.sh, e.g. /home/user/Desktop/ap-kernelmodule-1.0.10-26:

    cd /path/to/expanded/folder
    sudo ./build.sh --kernel-dir /lib/modules/$(uname -r)/build


    A message will be displayed indicating that the build was successful. 

  • Copy the kernel modules (as directed in the README) to /opt/Symantec/autoprotect/ and restart the system (or restart the autoprotect and rtvscand daemons).

    sudo cp ./bin.ira/* /opt/Symantec/autoprotect
    sudo /etc/init.d/autoprotect restart
    sudo /etc/init.d/rtvscand restart

 

Auto-Protect should function normally after this operation is complete.  Downloading an EICAR test file will trigger a detection.


Technical Information
If the if-then statement is not modified as described, you may get an error similar to the following when running build.sh (Ubuntu 8.04 -- Hardy):


CFLAGS was changed in "/home/admin/Desktop/sav-linux-1.0.8-17/ap-kernelmodule-1.0.8-17/symev/Makefile". Fix it to use EXTRA_CFLAGS.
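
Why the -gt test misses the kernel named in its own comment, as an added example (not code from build.sh or from Symantec): 132632 is 2.6.24 in the kernel's KERNEL_VERSION encoding, so -gt is false on exactly 2.6.24, the kernel series Ubuntu 8.04 uses. The function names and sample release strings are constructed for illustration, and the encoding of kernelVerNumber is an assumption inferred from that value.

```shell
#!/bin/sh
# Added example, not taken from build.sh. Function names are hypothetical.
# Assumption: kernelVerNumber follows the kernel's KERNEL_VERSION encoding,
# (major << 16) + (minor << 8) + patch, under which 2.6.24 is exactly 132632.

kernel_version_code() {
    ver=${1%%-*}                  # "2.6.24-19-generic" -> "2.6.24"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}
             patch=${patch%%[!0-9]*} ;;   # keep leading digits only ("24.3" -> "24")
        *)   patch=0 ;;                   # two-part release such as "3.0"
    esac
    echo $(( ($major << 16) + ($minor << 8) + ${patch:-0} ))
}

# Return 0 if the if-then test would add UBUNTU=1 for this release.
# $1 is the test operator: -gt as shipped in 1.0.8, -ge as corrected.
# $2 is a kernel release string in `uname -r` form.
ubuntu_flag_selected() {
    [ "$(kernel_version_code "$2")" "$1" 132632 ]
}

# Constructed sample releases below, at and above the 2.6.24 boundary,
# followed by the running kernel.
for rel in 2.6.22-14-generic 2.6.24-19-generic 2.6.27-7-generic "$(uname -r)"; do
    for op in -gt -ge; do
        if ubuntu_flag_selected "$op" "$rel"; then
            result="UBUNTU=1 added"
        else
            result="UBUNTU=1 not added"
        fi
        printf '%-24s %s 132632 -> %s\n' "$rel" "$op" "$result"
    done
done
```

Only the 2.6.24 row differs between the two operators, which is why the change is needed on Ubuntu 8.04 and has no effect on later kernels.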

 

 




Legacy ID



2009081214270148

